Friday, June 9, 2017

6.0 marshmallow - How to know what triggered an apk installation


I have been trying to solve a malware problem for the past couple of days on a certain Chinese phone (Android system version 6.0). The problem I am facing is that a malware keeps being reinstalled even after uninstallation; I have tried a couple of methods to no avail.


First, I tried uninstalling using the pm command and rebooted the phone, and the problem was gone, but as soon as I connected to the internet the malware was installed again. I didn't want to touch the system at first, so I tried to start afresh and performed a factory reset. I tried using the internet again and I was back to square one, this time with more than 5 malware apps installed. I checked the installer package for the malware packages using pm list packages -i and all I got was installer=null, so I couldn't get the app responsible.


After this I was sure the problem lay within the system, so I took fresh system images from 2 different factory ROMs and flashed them separately to the device, each time performing a factory reset before switching the phone on, and believe it or not, when I connected to WiFi again the malware apps were still reinstalled.


I then tried capturing the traffic using Packet Capture in the hope of seeing what app was responsible for downloading the malware. For the entire packet capture session (about 1 hour) I was using the internet without seeing any malware; I stopped capturing packets, and after a period of 5-6 hours of using the internet the malware problem began again. At this point I have really tried everything I know to spot the culprit app that installs the malware and I have run out of options, so is there really a way to find out which process or app caused the silent installation of a package, or should I just admit defeat and move on?


Here is a list of some malware package names:


com.yunshi.market
com.app.dov
com.glb.compass
com.loee.lv
com.androidapp.filemanager
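As an added example (not part of the original question and not an answer posted on the site): a POSIX shell script that diffs two snapshots of `pm list packages -i` output, so that packages appearing between a clean state and a later state are listed together with the installer each one reports. The two snapshots below are constructed sample text reusing package names from the post; the adb helper is assumed to be run against a real device and is not exercised here.

```shell
#!/bin/sh
# Added example, not part of the original question: diff two snapshots of
# `pm list packages -i` output to see which packages appeared between them
# and what installer each one reports. On a device the snapshots come from
# `adb shell pm list packages -i`; the two below are constructed sample text
# reusing package names from the question.

# Constructed snapshot taken right after the factory reset.
BEFORE='package:com.android.settings  installer=null
package:com.android.vending  installer=null
package:com.example.launcher  installer=null'

# Constructed snapshot taken hours later, after the reinstalls happened.
AFTER='package:com.android.settings  installer=null
package:com.android.vending  installer=null
package:com.example.launcher  installer=null
package:com.yunshi.market  installer=null
package:com.app.dov  installer=null
package:com.glb.compass  installer=com.yunshi.market'

# Turn pm output into sorted "<package> <installer>" lines.
parse_pm_list() {
    printf '%s\n' "$1" | sed -n 's/^package:\([^ ]*\) *installer=\(.*\)$/\1 \2/p' | sort
}

# Packages present in snapshot $2 but absent from snapshot $1, with installer.
new_packages() {
    known=$(parse_pm_list "$1" | cut -d' ' -f1)
    parse_pm_list "$2" | awk -v seen="$known" '
        BEGIN { n = split(seen, a, "\n"); for (i = 1; i <= n; i++) k[a[i]] = 1 }
        !($1 in k)'
}

# New packages that name an installer: that installer package is itself a lead.
# New packages with installer=null arrived through a path that recorded no
# installer (for example `pm install` without -i), so the next step is
# `dumpsys package <pkg>` (firstInstallTime=, codePath=) and logcat around
# that timestamp to see which process was active when they were written.
attributed_new() { new_packages "$1" "$2" | awk '$2 != "null"'; }
unattributed_new() { new_packages "$1" "$2" | awk '$2 == "null" { print $1 }'; }

# Live use: take a snapshot from a connected device (requires adb).
adb_snapshot() { adb shell pm list packages -i; }

new_packages "$BEFORE" "$AFTER"
```

Taking a snapshot immediately after each reset and again every hour narrows the window in which the reinstall happens, which is what a later logcat or packet capture needs to be pointed at.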

